Skip to main content

U.S.-China Cybersecurity Cooperation

September 8, 2017


Celia Louie

Since the early 2000s, cyber espionage issues have strained U.S.-China relations. In response, the U.S. and China entered into a cybersecurity agreement in 2015 to decrease economic espionage between the two countries. There has been much debate about the effectiveness of the agreement, especially considering the U.S. and China’s varying approaches to governance and cyberspace use.

While the agreement has increased the communication between the two countries, it is uncertain whether it has had any major impact on U.S-China relations, particularly in light of President Trump’s new approach to international relations. However, although the U.S.-China Cybersecurity Agreement’s effectiveness has been contested, it still presents a considerable breakthrough in U.S.-China relations and is a promising start for future cybersecurity agreements.

The 2015 U.S.-China Cybersecurity Agreement

In 2015, Obama and Xi Jingping reached an agreement pledging that there would not be government sponsored economic espionage in cyberspace. The U.S.-China Cybersecurity agreement is a bilateral agreement meant to prevent the economically motivated cyber espionage between the two countries, particularly the theft of intellectual property and trade secrets.

The agreement was meant to ease relations between the two countries in the wake of Snowden’s revelations about U.S. surveillance. The 2013 Snowden leak revealed the extent of U.S. surveillance strained U.S.-China relations. Snowden’s materials showed that since 2009, the U.S. had been hacking China and Hong Kong – something that further soured cybersecurity relations.

In 2014, the U.S. indicted five Chinese military officers for stealing trade secrets from U.S. firms, including economic espionage targeting solar, steel, and aluminum companies. Some believe that this indictment may have been a factor for China to curtail intellectual property theft. Following that, the 2015 discovery of the Office of Personal Management data breach, widely believed to be Chinese state-sponsored, caused the U.S. to threaten to respond with economic sanctions against China. Following these events, in 2015 President Obama visited China to discuss economic espionage with President Xi Jinping.

Overall, the U.S. and China agreed to “provide timely responses to requests for information and assistance concerning malicious cyber activities, refrain from conducting or knowingly supporting cyber-enabled theft of intellectual property, pursue efforts to further identify and promote appropriate norms of state behavior in cyberspace within the international community, and establish a high-level joint dialogue mechanism on fighting cybercrime and related issues.”

The workings of the agreement were slow to be established and even setting up temporary email addresses took months after announcing the cyber agreement talks. As part of the agreement both governments agreed that they would not conduct or support economically motivated cyber espionage and that there would be enhanced communication and cooperation in fighting cybercrime.

What the Agreement Has Done

Despite skepticism, the agreement has enhanced the discourse surrounding cyber espionage. There has been a “hotline” set up for emergency communications and meetings every six months to discuss cybersecurity cooperation among senior officials. While measures such as the hotline were slow to come about, the economic focus of the agreement has given both countries common ground to build upon. There have since been agreements on conducting seminars on network security and the misuse of technology to commit acts of terrorism.

Some sources indicate that Chinese hacks against American companies have decreased by over 90% in the past year and a half, indicating a significant drop in intellectual property and trade secrets theft. Espionage against U.S. government targets has continued, however, and it is important to note that the initial agreement was focused on economically motivated cyber espionage, not government targets. Therefore, the decrease in digital theft of U.S. business secrets has appeared to lessen tension between Washington and Beijing in regards to economic espionage. With economics as the common ground, this driving factor emphasizes the mutual interest in decreasing state sponsored economic-related attacks.

What the Agreement Hasn’t Done

The agreement has yet to demonstrate whether it has made significant impact on U.S.-China relations, especially in providing an avenue of discourse for other major policy disputes. The agreement also does not eliminate the need to increase U.S. cybersecurity efforts, as any false confidence would be a vulnerability. It appears to be too soon to tell whether the agreement has impacted U.S.-China relations in a major way, especially with the levels of natural mistrust.

As trust is rare in this bilateral relationship, it might be difficult to maintain this in cyberspace where there are varying dialogues about the laws and rules in cyberspace itself. While the past Obama Administration and China stated that both governments would not support cyber-related espionage of intellectual property, this still leaves room for both to either not acknowledge these attacks or claim that they are not government supported.

Further, there is also the question of whether cyberattacks have actually gone down or whether these attacks have become more sophisticated and difficult to track. Cyberattacks appear to be increasing from other nations and while traffic directed from China has decreased, these attacks may be outsourced instead. While it would be difficult to prove this kind of outsourcing exists, it raises an additional challenge to the sophistication of cyberattacks. A report was released claiming that the number of networks compromised has decreased from 60 in February 2013 to less than ten by May 2016, but this decline in attacks might be a result of more advanced attacks that occur with less frequency.

What is the Future of the Agreement?

The establishment of the agreement signifies the opportunity for the U.S. and China to resolve some of the bilateral tensions, but both parties need to make notable improvements. Last year, President Donald Trump vowed that he would have a plan for U.S. cybersecurity efforts within 90 days of taking office but this target date was delayed. Obama was for international cooperation, whereas Trump was initially unclear with his direction, but has said he intends to make cybersecurity a priority. There has been a statement released insisting that there has been a “diverse set of executives with both government and private sector expertise who are currently working to deliver an initial cybersecurity plan through a joint effort between the National Security Council and the Office of American Innovation.”

There have been concerns from U.S. cybersecurity experts that Trump’s inconsistent style may undermine U.S.-China relations. Since then, there has been an executive order signed to increase the U.S. government’s cybersecurity, including protecting critical infrastructure from cyber attacks. The executive order lays out goals to enhance protection and highlights the need to have cooperation with U.S. allies.

While there has been a slow development of cybersecurity from the new administration in the U.S., the recent China-Australia cybersecurity agreement looks promising. The bilateral agreement announced appears to be similar to the U.S.-China agreement and focused on not having the governments supporting cyber theft of intellectual property and having mechanisms to discuss cyber crime issues. China and Australia have agreed to act accordingly with the United Nations Group of Governmental Experts on Cyber for norms.

The U.S.-China agreement, if sustained, can stand as a model for other bilateral arrangements to be made to decrease economic espionage and other cyber-related issues. This paves the way for potentially making future bilateral agreements easier if there is a model to follow or improve upon.

Directions Forward

In order for cybersecurity efforts to be effective, bilateral cooperation is important. With the lack of current news on U.S. cybersecurity relations with China, this raises concerns for the U.S.’s direction and the implications on the U.S.-China cybersecurity agreement. There needs to be more work towards the prevention of theft of intellectual property, such as preventing government sponsored hackers from hacking companies, before moving into other contested cybersecurity concerns.

However, there needs to be an acknowledgement of the tradeoffs in bilateral cooperation. With the Internet accounting for a large share of the economy, looking at security and growth and the tradeoffs between the two countries is important. Additionally, there appears to remain unresolved disconnect. China needs to make more efforts to restrain attacks since there is currently little incentive for this. The U.S. needs to update its cybersecurity plans to increase cybersecurity resilience and continue Obama’s efforts to protect critical infrastructure from cyber threats. As this has been stated in Trump’s executive order, this looks promising. Additionally, there should be a better look into whether the cyber espionage has decreased or whether these attacks are being outsourced or more sophisticated.


It is clear that the U.S. and China have shared cybersecurity interests, but having these concerns mirrored in sustained cooperation is a work in progress. The agreement still appears to be promising in targeting economically-motivated espionage, and might stand as a basis for expanding the agreement or for other bilateral cybersecurity agreements.

While the agreement has increased the level of conversation and appears to have decreased the number of cyberattacks against U.S. companies, it is unclear whether these attacks actually have decreased or if they are not as easily detected with the increased sophistication of cyber attacks. A reduction in economic espionage could ease bilateral tensions but there are still areas of focus that have gaps.

The U.S.-China Cybersecurity agreement seems promising, but only if there remains discourse and efforts to effectively decrease economic espionage. Above all, an updated U.S. cybersecurity plan needs to be formulated in order to move forward and to work towards better relations with China to decrease cyber espionage. In regards to future agreements, the U.S.-China agreement if proven effective, could serve as a model for future bilateral cybersecurity agreements as seen with the China-Australia agreement.

This publication was made possible in part by a grant from Carnegie Corporation of New York. The statements made and views expressed are solely the responsibility of the author.